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— The MAILING DATE of this communication appears on the cover sheet with the correspondence address— 

All claims being allowable, PROSECUTION ON THE MERITS IS (OR REMAINS) CLOSED in this application. If not included 
herewith (or previously mailed), a Notice of Allowance (PTOL-85) or other appropriate communication will be mailed in due course. THIS 
NOTICE OF ALLOWABILITY IS NOT A GRANT OF PATENT RIGHTS. This application is subject to withdrawal from issue at the initiative 
of the Office or upon petition by the applicant. See 37 CFR 1 .313 and MPEP 1308. 

1 . This communication is responsive to 10/24/08 . 

2. ^ The allowed claim(s) is/are 1-70 . 

3. D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a) □ All b)DSome* c) □ None of the: 

1. D Certified copies of the priority documents have been received. 

2. □ Certified copies of the priority documents have been received in Application No. . 

3. □ Copies of the certified copies of the priority documents have been received in this national stage application from the 

International Bureau (PCT Rule 17.2(a)). 
* Certified copies not received: . 

Applicant has THREE MONTHS FROM THE "MAILING DATE" of this communication to file a reply complying with the requirements 
noted below. Failure to timely comply will result in ABANDONMENT of this application. 
THIS THREE-MONTH PERIOD IS NOT EXTENDABLE. 

4. □ A SUBSTITUTE OATH OR DECLARATION must be submitted. Note the attached EXAMINER'S AMENDMENT or NOTICE OF 

INFORMAL PATENT APPLICATION (PTO-152) which gives reason(s) why the oath or declaration is deficient. 

5. □ CORRECTED DRAWINGS ( as "replacement sheets") must be submitted. 

(a) □ including changes required by the Notice of Draftsperson's Patent Drawing Review ( PTO-948) attached 

1 ) □ hereto or 2) □ to Paper No./Mail Date . 

(b) □ including changes required by the attached Examiner's Amendment / Comment or in the Office action of 

Paper No./Mail Date . 

Identifying indicia such as the application number (see 37 CFR 1.84(c)) should be written on the drawings in the front (not the back) of 
each sheet. Replacement sheet(s) should be labeled as such in the header according to 37 CFR 1.121(d). 

6. □ DEPOSIT OF and/or INFORMATION about the deposit of BIOLOGICAL MATERIAL must be submitted. Note the 

attached Examiner's comment regarding REQUIREMENT FOR THE DEPOSIT OF BIOLOGICAL MATERIAL. 
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DETAILED ACTION 

1 . This Office Action is in response to the Applicant's amendment October 14, 2008. 

EXAMINER'S AMENDMENT 

2. An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1 .312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with John A. Smart (Reg. No. 34,929) on October 14, 2008. 
Please amend the claims as follows: 
Claim 1: 

A method for controlling connections to a new computer upon its initial 
deployment, the method comprising: 

before deployment of the new computer, imaging the computer's storage to 
include a preconfigured security update policy for preventing Internet-borne infections 
occurring before the computer can obtain security-relevant updates; 

upon the initial deployment of the new computer, applying said preconfigured 
security update policy to establish at the computer a pre-access restricted zone of at 
least one preapproved host that the computer is restricted to connect to upon its initial 
deployment for obtaining current security-relevant updates, so that without relying on 
any external network-based security mechanisms the computer is provided with a fully 
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self-contained enforcement mechanisms that completely blocks the computer b l ock e d 
from all other connectivity to the Internet until security-relevant updates have been 
completed; 

receiving a request for a connection from the computer to a particular host; 

based on said preconfigured security update policy, determining whether the 
particular host is within the restricted zone of at least one preapproved host; 

blocking said connection if said particular host is not within the restricted zone of 
at least one preapproved host; and 

once the computer has complied with the security update policy, lifting the 
restricted zone so that the computer is allowed to participate with general connectivity to 
the Internet. 

Claim 26: 

A computer system that is preconfigured to control connections upon the initial 
connections upon the initial deployment, the system comprising: 

a new computer that, before deployment, is imaged to include a preconfigured 
security update policy that establishes a restricted zone of at least one preapproved 
host that the computer is restricted to connect to upon the initial deployment of the 
computer, so that without reiving on any external network-based security mechanisms 
the computer is provided with a fully self-contained enforcement mechanism that 
completely blocks the computer b l ock e d from all other connectivity to the Internet until 
security relevant updates have been completed; 
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a connectivity module for processing user requests for the computer to connect 
to a particular host; and 

a security module, located at the computer, for determining whether the particular 
host is within the restricted zone of at least one preapproved host based on said 
preconfigured security update policy, and for blocking any attempt to connect to a host 
that is not within the restricted zone of at least one preapproved host, until the computer 
is brought into compliance with the security update policy. 

Claim 49: 

A method for enforcing pre-access connectivity restrictions on a new machine so 
as to enforce security updates, the method comprising: 

before deployment, incorporating into the new machine an initial security update 
policy that prevents computer infections occurring before the new computer can obtain 
security-relevant updates; 

detecting attempts to connect the new machine to other devices; 

determining at the new machine, based on an said initial security update policy 
that establishes a restricted zone of acceptable connections, which devices the new 
machine is permitted to connect to, so that without reiving on any external network- 
based security mechanisms the machine is provided with a fully self-contained 
enforcement mechanisms that not a ll ow e d to part i c i pat e prevents the machine from 
participating with general connectivity to the Internet until security-relevant updates 
have been applied to the machine; and 
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blocking at the new machine any connection that attempts to connect the new 
machine to a device outside the restricted zone of acceptable connections, so that the 
machine cannot participate with general connectivity to the Internet until the machine is 
brought into compliance with the security update policy. 

Allowable Subject Matter 
3. Claims 1-70 are allowed. 

The following is an examiner's statement of reasons for allowance: 

As per claim 1 : 

The prior art on record either taken singularly or in combination fail to teach 
specifically "before deployment of the new computer, imaging the computer's storage to 
include a preconfigured security update policy for preventing Internet-borne infections 
occurring before the computer can obtain security-relevant updates; upon the initial 
deployment of the new computer, applying said preconfigured security update policy to 
establish at the computer a pre-access restricted zone of at least one preapproved host 
that the computer is restricted to connect to upon its initial deployment for obtaining 
current security-relevant updates, so that without relying on any external network-based 
security mechanisms the computer is provided with a fully self-contained enforcement 
mechanisms that completely blocks the computer from all other connectivity to the 
Internet until security-relevant updates have been completed' including all the other 
limitations recited in claim 1. 

Independent claims 26 and 49 have similar limitations as claim 1 and therefore 
are also allowed for the same reason set forth above. 
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Dependent claims 2-25, 27-48 and 50-70 are also allowed. 

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SHEWAYE GELAGAY whose telephone number is 
(571)272-4219. The examiner can normally be reached on 8:00 am to 5:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/S. Q.I 
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